Ray Marden wrote on Jan 14, 2012, 07:13:A number of people do have bad passwords, but go look at the studies on the current crop of multi-core CPUs and GPUs can quickly break through any alpha-numeric strings in ever shrinking periods of time. With no other security in place, a password is only a minor nuisance.

That does require that someone actually gets your password hash (i.e. the site is hacked). Which is, of course, why you should be using separate passwords per site. If someone gets your hash on one site, and you're reusing that password on multiple sites, you're extra screwed.